• DocumentCode
    644309
  • Title

    IDS for detecting malicious non-executable files using dynamic analysis

  • Author

    Bazzi, Ahmad ; Onozato, Yoshikuni

  • Author_Institution
    Graduate School of Engineering, Gunma University, 1-5-1 Tenjin-cho, Kiryu, 376-8515, Japan
  • fYear
    2013
  • fDate
    25-27 Sept. 2013
  • Firstpage
    1
  • Lastpage
    3
  • Abstract
    Attackers are increasingly relying on non-executable files to launch their attacks. Anti-virus solutions can detect a high percentage of malicious files but usually cannot reach and maintain a 100% detection rate. We propose a file-level IDS that relies on an automated dynamic analysis system (sandbox) to detect malicious PDF files. We achieved a 99.2% detection rate, where the rates of both the false positives and the false negatives are less than 1%. Because it does not rely on anti-virus signatures, this solution can detect malicious documents that utilize malware not covered by the anti-virus database.
  • Keywords
    Databases; Portable document format;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
  • Conference_Location
    Hiroshima, Japan
  • Type

    conf

  • Filename
    6665213